Skip to content
BeeShelf
Cataloging Circulation Discovery Pricing Docs
Sign in Get started
Cataloging Circulation Discovery Requests Pricing Docs Sign in

Legal

Privacy PolicyTerms of ServiceData Processing AddendumSub-processorsTrust & Compliance

Privacy Policy

Effective 4 July 2026

BeeShelf is a cloud library system operated by iBX Design Consultancy (“BeeShelf”, “we”, “us”), based in Dubai Silicon Oasis, United Arab Emirates. This policy explains what personal data BeeShelf handles, why, and the controls you and your library have over it. Privacy is a core design principle of the product, not a footnote — this policy describes how that works in practice.

1. Who is responsible for your data (controller vs. processor)

BeeShelf serves institutions — schools, colleges, and libraries — and this shapes who is responsible for what:

  • Library data — the institution is the controller; BeeShelf is the processor. When a library uses BeeShelf, the library decides what member and circulation data to collect and why. BeeShelf only processes that data on the library’s instructions, to provide the service. This includes borrower records, loans, holds, requests, and reading history. For schools, this is the “school official” / processor model (see our Trust & Compliance page).
  • Account & billing data — BeeShelf is the controller. For the account of the person who sets up a library, our billing records, and the operation and security of the platform itself, BeeShelf determines the purposes and is the controller.

If you are a borrower and want to exercise a right over your library records, contact your library first — they control that data. We will support them (and you) in fulfilling the request.

2. What we collect

Library staff & administrators

  • Name, email address, and role.
  • A securely hashed password (we never store passwords in readable form).

Members (borrowers)

  • Name and (optionally) email address.
  • A library card / barcode and member category, if the library uses them.
  • A securely hashed password, if the member creates an online account.
  • Borrowing activity: loans, holds, renewals, fines, and title requests — the records a library needs to run.
  • Reading-taste signals used to power recommendations and discovery. This is optional and can be switched off — by the member for themselves, and by the institution for everyone (see §6).

Technical & security data

  • Limited request metadata (such as IP address) used to rate-limit sign-ins and protect against abuse.
  • Operational logs needed to run and secure the service.

Billing data

  • Plan, subscription status, and billing contact. Card details are handled entirely by Stripe and never touch BeeShelf’s servers. Payments are processed by Stripe under iBX.

We do not sell personal data, and we do not run behavioural advertising.

3. Why we use it (and our legal bases)

PurposeLegal basis (GDPR)
Providing the library service on the institution’s instructionsPerformance of a contract / processing for the controller
Securing accounts, rate-limiting, preventing abuseLegitimate interests
Personalized recommendations & discoveryConsent (opt-in / opt-out, per member and per institution)
Billing and account administrationPerformance of a contract
Meeting legal and regulatory obligationsLegal obligation

4. Where your data lives & who processes it

BeeShelf hosts data in the European Union (Frankfurt, Germany), on managed infrastructure. We use a small, vetted set of sub-processors to run the service (hosting, database, email, payments, and optional AI features). The full list, what each does, and where it processes data is published and kept current on our Sub-processors page. Where data is transferred outside the EU/EEA (for example, an email or AI provider), we rely on appropriate safeguards such as Standard Contractual Clauses.

5. How long we keep it

  • The institution controls retention. A library can choose not to retain reading history (keeping only active loans), and can purge returned-loan history older than a chosen cut-off.
  • Records are soft-deleted first (recoverable for a short window) before removal, to prevent accidental loss.
  • Account and billing records are kept for as long as the account is active and as required by law afterwards.
  • When a library closes its account, its data is deleted or returned on request within a reasonable period, as set out in our Data Processing Addendum.

6. Your controls & rights

Depending on where you live, you may have rights to access, correct, delete, export, restrict, or object to the processing of your personal data. BeeShelf is built to support these:

  • Access & portability. A library can export its full data set (members, holdings, loans, holds, requests) at any time, in a portable format — a one-click, no-lock-in export.
  • Correction & deletion. Staff can edit and remove member records; deletions are honoured through the system.
  • Opt out of personalization. Any member can turn off taste-based recommendations for themselves; an institution can run in popularity-only mode with no behavioural tracking at all.
  • Retention control. Institutions decide whether reading history is kept and for how long.

To exercise a right: members should contact their library (the controller); libraries and account holders can contact us at hello@beeshelf.com. You also have the right to complain to your data protection authority.

7. Children & students

BeeShelf is provided to institutions, not marketed to children directly. Where minors use BeeShelf, they do so through their school or library, which acts as the controller and provides any required consent under laws such as COPPA and FERPA. We do not knowingly collect personal data from children outside this institutional relationship, we do not use student data for advertising, and personalization can be disabled entirely for an institution. See Trust & Compliance for detail.

8. Security

  • Encryption in transit (TLS) and at rest on managed infrastructure.
  • Strict tenant isolation: every library’s data is separated at the database level (row-level security), so one library can never read another’s.
  • Passwords are stored only as salted hashes; sign-in endpoints are rate-limited against brute force.
  • Email verification gates borrowing; role-based access controls limit what staff can do.

No system is perfectly secure, but security is designed in from the schema up. Our incident-notification commitments are set out in our Data Processing Addendum.

9. Cookies & local storage

BeeShelf uses local browser storage to keep you signed in and remember essential preferences. It does not use third-party advertising or cross-site tracking cookies.

10. Changes to this policy

We’ll update this policy as the product and our obligations evolve, and revise the date above. Material changes affecting institutions will be communicated through the service.

11. Contact

The data controller for account and billing data is iBX Design Consultancy, Dubai Silicon Oasis, United Arab Emirates. Questions about privacy? Email hello@beeshelf.com.

BeeShelf

A library system built around the reason the library exists.

Product

Cataloging Circulation Discovery Requests Pricing Documentation

Get going

Get started See the live demo Sign in

Company

Contact Privacy Terms Trust & Compliance
© 2026 BeeShelf · an iBX product Made for the libraries the big systems forgot.